16 May 2018

MIL 188-220 Appendix D, standards for COMSEC transmissions

A recent post on radioscanner (my nickname there is "ansanto"), and some interesting discussions with a friend of mine, gave me the opportunity to study that signal and to look more deeply into the subject covered by MIL 188-220. In particular, the signal in question (courtesy of KarapuZ) is a transmission with link encryption provided by external COMSEC devices, in accordance with Appendix D of the cited standard, i.e. "transmission frame structure in either external and embedded COMSEC modes".

The COMSEC Frame Synchronization subfield provides a framing signal that tells the receiving station where the encoded Message Indicator (MI) starts. This subfield is 465 bits long, consisting of 31 Phi-encoded bits (each logical bit is sent as a 15-bit pattern). The Phi patterns are a method of redundantly encoding data bits. The logical data bits 1 and 0 are encoded as shown in the figure.

Back to the signal: it was heard by KarapuZ in the 33 MHz band and is a GFSK modulation at a rate of 16000 Baud that can be easily processed using SA (Fig. 1).

Fig. 1

Once demodulated it turns out to be a transmission with link encryption provided by external COMSEC: indeed, the COMSEC Preamble can be easily identified as well as the three subfields Bit Synchronization, Frame Synchronization and Message Indicator (Fig. 2).

Fig. 2 - COMSEC Preamble

The use of the redundant 15-bit encoding is shown in Figure 3.

Fig. 3

Since 188-220 is based on the VINSON algorithm, the encryption used is presumably KY-57, and taking into account the band where it was heard, everything points to the SINCGARS radio (Single Channel Ground and Airborne Radio System) [1]. By the way, a dear friend of mine sent me a 188-220 recording which, once demodulated, uses frames with 16-bit encoding patterns instead of 15-bit ones (Fig. 4). "I guess it is some modern crypto using a backwards compatibility mode, the clue is that it could be KY-99 that is the replacement for KY-57 in SINCGARS, but that point is unconfirmed. More signals and work will be necessary to clarify these points", my friend says.

Fig. 4

It is interesting to see how NATO KG-84 encryption relates to 188-220 Appendix D (Fig. 5). KG-84 is similar to the embedded COMSEC transmission frame, although the 64-bit pattern of the KG-84 Standard Frame sync

1111101111001110101100001011100011011010010001001100101010000001

is different from the patterns reported in Appendix D for Standard and Robust Frame sync. Moreover, the Message Indicator is not encoded using the 15-bit Phi patterns, although it is redundantly encoded. That's probably OK, since KG-84 is based on the SAVILLE algorithm and 188-220 is VINSON based. Note that in some KG-84 "detectors" the Standard Frame sync is termed "SYNC" and the MI data "Initialization vectors".
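An added example (not from the original post and not taken from any KG-84 tool): a sliding Hamming-distance search for the 64-bit Standard Frame sync quoted above in a demodulated bit string, checking both polarities because an FSK demodulator may swap mark and space. The function names, the `max_errors` tolerance and the sample stream are assumptions constructed for the illustration.

```python
# Added example: locate the KG-84 Standard Frame sync in a demodulated bit string.
KG84_SYNC = "1111101111001110101100001011100011011010010001001100101010000001"  # as quoted in the post
_FLIP = str.maketrans("01", "10")


def invert(bits: str) -> str:
    """Swap 0/1, as happens when mark and space are exchanged in an FSK demodulator."""
    return bits.translate(_FLIP)


def hamming(a: str, b: str) -> int:
    """Number of positions where two equal-length bit strings differ."""
    return sum(x != y for x, y in zip(a, b))


def find_sync(bits: str, pattern: str = KG84_SYNC, max_errors: int = 4):
    """Return (offset, bit_errors, inverted) for every window within
    max_errors of the pattern or of its complement, best match first.
    max_errors is an assumed tolerance, not a value from any standard."""
    n = len(pattern)
    candidates = ((pattern, False), (invert(pattern), True))
    hits = []
    for offset in range(len(bits) - n + 1):
        window = bits[offset:offset + n]
        for ref, inverted in candidates:
            errors = hamming(window, ref)
            if errors <= max_errors:
                hits.append((offset, errors, inverted))
    return sorted(hits, key=lambda h: h[1])


def corrupt(bits: str, positions) -> str:
    """Flip the bits at the given positions (simulated channel errors)."""
    out = list(bits)
    for p in positions:
        out[p] = "1" if out[p] == "0" else "0"
    return "".join(out)


# Constructed sample stream (not a real capture): 80 alternating bits,
# the sync word with two bit errors, then 32 made-up payload bits.
SAMPLE = "10" * 40 + corrupt(KG84_SYNC, [5, 40]) + "0110" * 8

if __name__ == "__main__":
    for offset, errors, inverted in find_sync(SAMPLE):
        print(f"sync at bit {offset}, {errors} bit errors, inverted={inverted}")
    print("inverted stream:", find_sync(invert(SAMPLE)))
```

The bits that follow a hit are where the redundantly encoded MI data would begin in a real capture.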

Fig. 5 - NATO KG-84 encryption and 188-220 embedded COMSEC

The Turkish-Mil FSK, also using KG-84, deserves separate consideration (Fig. 6). Perhaps they encode the Message Indicator field using Golay and do not use redundant n-bit encoding, but that is only my opinion. However, "the encoding with Phi patterns is used for backward compatibility", 188-220 says.

Fig. 6 - Turkish-Mil FSK and 188-220 embedded COMSEC

As a final note, the Russian waveform Makhovik has many similarities with the transmission frames described in 188-220.

(to be continued)